[LINUX] Omit password entry during SSH

Rough flow

- Create a private/public key pair on the source server and register the public key on the destination server.
  - Authentication then uses the passphrase specified when creating the private key instead of the password of the destination server.
  - Nothing changes in the sense that you are still asked for some kind of password.
- Register your passphrase with ssh-agent to avoid being asked for it every time.
  - The ssh-agent registration status is reset every time the shell is restarted.
    - E.g. PuTTY's duplicate session
    - In the end, you have to run ssh-add every time.
- Introduce keychain to retain the ssh-agent registration information.

Login with public key authentication

Preparation on the source server

Creating a public key

$ ssh-keygen

If you accept the default file name without entering anything, two files, id_rsa and id_rsa.pub, are generated. The passphrase you set here is what you will enter for authentication from now on.

- id_rsa is the private key (not disclosed to others)
- id_rsa.pub is the public key (shared with others)

Public key authentication becomes possible once the file ending in **.pub** is registered on the destination server.

Settings in ~/.ssh/config

Edit ~/.ssh/config to manage ssh settings as follows.

Host ${hostname}
    HostName ${IP address}
    User ${username}
    # Path of the private key file created in the step above
    IdentityFile ~/.ssh/id_rsa

With this in place, when you run

$ ssh ${hostname}

the private key path is taken from the config file (you can also specify it by typing ssh ~~ on the command line).

Preparation on the destination server

Add the source server's public key id_rsa.pub to ~/.ssh/authorized_keys on the destination server. Authentication is now performed by checking the private key on the source server against the public key registered on the destination server.

What you can do so far

Authentication is now performed with the passphrase specified when id_rsa was generated, instead of the password of the destination server. **However, the effort does not change, in the sense that some kind of password is still required.**

Remembering the passphrase with ssh-agent (can be skipped if you introduce keychain)

To avoid this problem, let ssh-agent remember the passphrase (used for private key authentication).

$ eval `ssh-agent`
$ ssh-add ~/.ssh/id_rsa

[Qiita @evakichi: When I find it troublesome to enter a passphrase every time with SSH](https://qiita.com/evakichi/items/abb6dde9df78f049b913)

However, the ssh-agent registration information is reset every time the shell is restarted. For example, if you connect over SSH with PuTTY and run ssh-add, and then open a new window with Duplicate Session, the registration cannot be used there and you need to run ssh-add again.

Introduction of keychain

The details are covered in [Notes for information students: "keychain" that dramatically reduces the number of passphrase entries](http://note-for-cs.seesaa.net/article/400265433.html). However, note that the installation method and URL have changed.

For the latest information and the source, see GitHub: keychain and the Keychain Official Wiki (linked from the page above).

Installation method

- Download from GitHub above
- Put the keychain script it contains on your PATH (no need to build)
  - For example, link it to ~/local/bin/keychain and add ~/local/bin to $PATH
  - Is the note "Please apply your patches to keychain.sh, not the generated keychain script" on GitHub meant for keychain developers?
- Add the following to .bash_profile as per the official Wiki above

.bash_profile


eval `keychain --eval --agents ssh id_rsa`

This frees you from the hassle of "launching ssh-agent and entering your passphrase with ssh-add ..." every time you start a shell!
